Hello All I am forwarding one improved patch related with Fork Bombing Attack. This patch prints a message (only once) which alerts administrator/root user about fork bombing attack. I created this patch to implement my idea of informing administrator about fork bombing attack on his machine only once. This patch overcomes all drawbacks of my previous patch related with fork bombing attack and helps administrator. added comments will definitely help developers.
Regards Anand On 6/3/07, Daniel Hazelton <[EMAIL PROTECTED]> wrote:
On Sunday 03 June 2007 19:01:21 Nix wrote: > On 1 Jun 2007, Jens Axboe told this: > > I think Anand is assuming that because syslog may coalesce identical > > messages into "repeated foo times" in the messages file, that it's not a > > dos. That is of course wrong. > > Not all syslog daemons do that, anyway. (syslog-ng doesn't, for one.) That syslog-ng doesn't coalesce repeated messages into a single line doesn't make a difference. The printk_ratelimit stuff is supposed to make it very hard to DOS a system by flooding syslog, but that doesn't mean its impossible. The point of this discussion was that having a part of the kernel log a message about a fork-bomb was a very large whole that could be used to DOS a system by flooding the syslog. (In fact, IIRC, the printk_ratelimit (and somebody, please correct me if I'm wrong) stuff uses a ring buffer and seriously spamming syslog, like the patch that spawned this thread would have done, could cause you to lose potentially important messages) DRH
fork.patch
Description: Binary data